* sec_auth.cc (get_server_groups): Call get_logon_server only for
non-builtin accounts. * uinfo.cc (pwdgrp::fetch_account_from_windows): Check incoming account name for validity in terms of the current name prefixing rules and refuse invalid names.
This commit is contained in:
@ -465,7 +465,11 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
|
||||
__seterrno ();
|
||||
return false;
|
||||
}
|
||||
if (get_logon_server (domain, server, DS_IS_FLAT_NAME))
|
||||
/* If the SID does NOT start with S-1-5-21, the domain is some builtin
|
||||
domain. The search for a logon server is moot. */
|
||||
if (sid_id_auth (usersid) == 5 /* SECURITY_NT_AUTHORITY */
|
||||
&& sid_sub_auth (usersid, 0) == SECURITY_NT_NON_UNIQUE
|
||||
&& get_logon_server (domain, server, DS_IS_FLAT_NAME))
|
||||
get_user_groups (server, grp_list, user, domain);
|
||||
get_user_local_groups (server, domain, grp_list, user);
|
||||
return true;
|
||||
|
Reference in New Issue
Block a user